How to install Sucuri WAF on WP Engine and migrate your site at the same time

Well I had an interesting problem migrating to WP Engine while installing Sucuri WAF this weekend. First of all, WP Engine’s hosting packages now come with a free SSL certificate from Let’s Encrypt. That’s great. More interesting, Sucuri also offers a free Let’s Encrypt SSL. Also cool. I’ve been told with their PRO account, they offer a free COMODO certificate– even better. When migrating to WP Engine with the intention of installing their new SSL certificate and putting it behind Sucuri’s WAF, we’re presented with a small problem: getting the SSL certificate installed…somewhere. But where? So, here’s how to install Sucuri WAF on WP Engine.

You cannot put your secured site behind the firewall before you install the SSL certificate. And you must put the SSL certificate on Sucuri’s end. Putting it on WP Engine will literally do nothing for you.

How to install Sucuri WAF on WP Engine

Step 1

Once you stage/replicate your existing site to WP Engine using their awesome automated tool (via their WordPress plugin), and add your domain to the domain settings dashboard, ensure you have an SSL certificate issued on Sucuri’s end, with either a Let’s Encrypt (FREE) SSL, or a COMODO Certificate. Contact Sucuri’s support to get this rolling.

Step 2

Initiate the DNSchange to point to the IP of the new Sucuri WAF server. Depending on your TTL setting, this may be an hour, two hours, or more. 3600 seconds is an hour.

How will you know when it’s finished? Open up terminal on mac and type this:

nslookup domain.com

Your “Non-authoritative answer:” should contain the IP address. If not, check back in a few minutes. Sometimes it may go back and forth between the two. This is called propagation.

Step 3

There isn’t a step 3, ha!

Conclusion

Well, that’s it. If you attempt to install the WP Engine provided SSL certificate prior to pointing your domain, it will fail. If you attempt to use Sucuri without an SSL on their end, it will fail. So the most important lesson here is: get the SSL installed on Sucuri first, then make the DNS change. Ignore SSL on WP Engine. You don’t need it.

Troubleshooting

About Alison Foxall

Alison Foxall is our resident WordPress aficionado. She's the lead organizer for WordCamp Tampa, as well as Tampa's WordPress Meetup group. Alison enjoys helping her clients succeed and meet their goals through inbound marketing. As a libertarian and member of Conscious Capitalism Florida, she believes that human potential will thrive in free markets.